Date: Thu, 5 Oct 2000 20:07:56 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Mike <mikenoc@mindspring.net>
Cc: questions@FreeBSD.ORG
Subject: Re: Natd not working properlly.
Message-ID: <20001005200756.G25121@149.211.6.64.reflexcom.com>
In-Reply-To: <000801c02f88$8f01ee20$b400a8c0@atl.mediaone.net>; from mikenoc@mindspring.net on Fri, Oct 06, 2000 at 07:28:31AM -0400
References: <000801c02f88$8f01ee20$b400a8c0@atl.mediaone.net>
[your paragraphs are all on one line. Please wrap your lines at about 72
columns or so.]

On Fri, Oct 06, 2000 at 07:28:31AM -0400, Mike wrote:
> Hello I am having problems getting natd to work correctly. I have BSD
> running as the server with 2 NIC cards, one has the cable modem plugged
> into it. The other is plugged into the HUB. I also have a Windows box
> plugged into the hub. From the Windows box I assigned a private IP
> 192.168.0.5 and the gateway as the private IP 192.168.0.1 that I
> assigned on my FreeBSD box for the NIC going into the HUB. I also
> assigned the IP addresses for the name servers in TCP/IP on the
> windows box.
>
> From the Windows Box I can ping the gateway 192.168.0.1 and I can also
> ping the IP address assigned by my cable provider but I cannot ping
> past that or get web pages. I used the web site
> http://www.mostgraveconcern.com/freebsd/ as a reference and below I
> have the configuration from my box. If anyone has any suggestions I
> would most appreciate it.

Sounds like you should be in good shape. Let's see what's going on...

> ***** Kernel ******
>
> options IPFIREWALL_DEFAULT_TO_ACCEPT #firewall

This is seldom required and is usually not good policy. However, it may
be cluing us into the trouble.

> options IPDIVERT #divert sockets
> options IPFIREWALL_VERBOSE #print information about
> #options "IPFIREWALL_VERBOSE_LIMIT=100" #limit verbosity
> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
> options TCP_RESTRICT_RST #restrict emission of TCP RST
>
> *** rc.conf ****
>
> gateway_enable="YES"
> firewall_enable="YES" # Set to YES to enable firewall functionality
> firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
> firewall_type="open" # Firewall type (see /etc/rc.firewall)
> firewall_quiet="YES" # Set to YES to suppress rule display
> natd_program="/sbin/natd" # path to natd, if you want a different one.
> natd_enable="YES" # Enable natd (if firewall_enable == YES).
> natd_interface="ep0" # Public interface or IPaddress to use.
> natd_flags="-f /etc/natd.conf" # Additional flags for natd.

This all looks good. Except why do you have the 'firewall_quiet' on
during debugging? Might want to leave that on. Just a few extra lines
during boot up. It may help with this problem.

> **** natd.conf ******
>
> dynamic yes
> use_sockets yes
> same_ports yes

OK.

> **** IPFW ****
>
> bash# ipfw list
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 65000 allow ip from any to any
> 65535 deny ip from any to any
> bash#

Now we see the trouble. There is no 'divert' rule sending the packets to
natd(8). This is obviously the immediate reason this is not working.
This raises the question of 'why is the divert rule not there?' You have
'natd_enable' and 'firewall_enable' set. The rc.firewall script should
take care of it for you.

Then we notice that your default rule is a 'deny' rule. You may have
changed your kernel config, but my best guess is that you have not built
and installed the new kernel. How did you go about making a new one?
-- 
Crist J. Clark cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
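As an added check (not part of the thread), a small script that reads `ipfw list` output and reports the two things diagnosed above: whether a `divert` rule for natd exists and precedes the catch-all allow, and what the default rule 65535 does. The rule sets are constructed; the "good" one assumes the rule rc.firewall adds when `natd_enable="YES"` (divert to natd's default port 8668 on the natd interface, here ep0).

```shell
#!/bin/sh
# Added example: sanity-check `ipfw list` output for NAT via natd.
# Rule sets are constructed for illustration; BROKEN_RULES mirrors the
# listing in the thread, GOOD_RULES adds the rc.firewall divert rule.

BROKEN_RULES='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any'

GOOD_RULES='00050 divert 8668 ip from any to any via ep0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 allow ip from any to any'

# default_policy RULES -> prints the action of rule 65535. "deny" means
# the running kernel lacks IPFIREWALL_DEFAULT_TO_ACCEPT (e.g. the
# reconfigured kernel was never built and installed).
default_policy() {
    printf '%s\n' "$1" | awk '$1 == "65535" { print $2; exit }'
}

# check_nat_rules RULES -> 0 if a divert rule exists and comes before the
# first catch-all 'allow ip from any to any'; 1 otherwise. ipfw stops at
# the first matching rule, so a divert rule after the catch-all is dead.
check_nat_rules() {
    rules="$1"
    divert_no=$(printf '%s\n' "$rules" | awk '$2 == "divert" { print $1+0; exit }')
    allow_no=$(printf '%s\n' "$rules" \
        | awk 'NF == 7 && $2 == "allow" && $3 == "ip" && $5 == "any" && $7 == "any" { print $1+0; exit }')
    if [ -z "$divert_no" ]; then
        echo "no divert rule: natd never sees packets (rc.firewall adds one when natd_enable=YES)"
        return 1
    fi
    if [ -n "$allow_no" ] && [ "$allow_no" -lt "$divert_no" ]; then
        echo "divert rule $divert_no is shadowed by catch-all allow rule $allow_no"
        return 1
    fi
    echo "divert rule $divert_no precedes the catch-all; default policy is $(default_policy "$rules")"
    return 0
}

check_nat_rules "$BROKEN_RULES" || echo "-> verdict: NAT will not work"
check_nat_rules "$GOOD_RULES" || echo "-> verdict: NAT will not work"
```

On a live box, feed it the real listing with `check_nat_rules "$(ipfw list)"`.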